Does this look correct, or am I missing something or doing something wrong?

I use Spring Core and Spring Security 3.0.0.RC1, and my REST controllers usually have the sequence of using SecurityContextHolder.getContext().getAuthentication().getName() to look up the user in the UserDAO and check that it has access to this resource. If it has that, do the required actions of using other services (that use other DAOs) to perform the desired action. Does this sound all right?

Running this by itself works great: I get the data back in a hurry, the data are correct, and if I authenticate with a user that doesn't have access, he is denied.

But! When running two identical requests at the same time, one will work as expected, and one will fail, apparently by having its database connection closed during execution:

Code:

java.util.ConcurrentModificationException
at java.util.LinkedHashMap$LinkedHashIterator.nextEntry(LinkedHashMap.java:373)
at java.util.LinkedHashMap$ValueIterator.next(LinkedHashMap.java:388)
at org.hibernate.engine.StatefulPersistenceContext.afterTransactionCompletion(StatefulPersistenceContext.java:253)
at org.hibernate.impl.SessionImpl.afterTransactionCompletion(SessionImpl.java:450)
at org.hibernate.jdbc.JDBCContext.afterNontransactionalQuery(JDBCContext.java:271)
at org.hibernate.impl.SessionImpl.afterOperation(SessionImpl.java:444)
at org.hibernate.impl.SessionImpl.list(SessionImpl.java:1604)
at org.hibernate.impl.CriteriaImpl.list(CriteriaImpl.java:306)
at tld.mydomain.business.UserServiceImpl.lookupUser(UserServiceImpl.java:35)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at $Proxy22.lookupUser(Unknown Source)

It happens that I get other, similar errors. The following exception is from the { ... } code where I simply look up the paths for this user using the PathService, and limit it by ID. Again it is quite simple,

org.hibernate.SessionException: Session is closed!
at org.hibernate.impl.AbstractSessionImpl.errorIfClosed(AbstractSessionImpl.java:72)
at org.hibernate.impl.SessionImpl.getBatcher(SessionImpl.java:287)
at org.hibernate.loader.Loader.doQuery(Loader.java:749)
at org.hibernate.loader.Loader.doQueryAndInitializeNonLazyCollections(Loader.java:259)
at org.hibernate.loader.Loader.doList(Loader.java:2228)
at org.hibernate.loader.Loader.listIgnoreQueryCache(Loader.java:2125)
at org.hibernate.loader.Loader.list(Loader.java:2120)
at org.hibernate.loader.criteria.CriteriaLoader.list(CriteriaLoader.java:118)
at org.hibernate.impl.SessionImpl.list(SessionImpl.java:1596)
at org.hibernate.impl.CriteriaImpl.list(CriteriaImpl.java:306)
at org.hibernate.impl.CriteriaImpl$Subcriteria.list(CriteriaImpl.java:481)
at tld.mydomain.business.PathServiceImpl.pathsForSingleUser(PathServiceImpl.java:65)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at $Proxy24.vejeWithByggesag(Unknown Source)
at tld.mydomain.view.web.controller.RestrictedController.getMyPathViaID(RestrictedController.java:79)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

When I used my _authenticationManager, this worked great, but now I seem to be closing database sessions too often, even though I don't have any of my own code closing any as far as I'm aware. Any suggestions as to what is going on and what I can do about it?

It seems that I had a big problem in database session handling in my DAO, so I've made a write-up of my solution at StackOverflow and asked for people's opinion on the solution. I hope it doesn't give more issues :-)
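
Added example, not code from the original posts: both traces (a ConcurrentModificationException inside StatefulPersistenceContext and "Session is closed!") are consistent with one Hibernate Session being used by two request threads at once, so the sketch below shows that DAO pattern beside a per-transaction form. The poster's DAO is not shown on this page; the User entity, both DAO classes and the "username" property are hypothetical, and the second DAO assumes the SessionFactory is managed by Spring with a Hibernate transaction manager, so that getCurrentSession() returns the session bound to the caller's transaction.

```java
import org.hibernate.Session;
import org.hibernate.SessionFactory;
import org.hibernate.criterion.Restrictions;

// Hypothetical entity, mapped elsewhere (mapping not shown on the page).
class User {
    private Long id;
    private String username;

    public Long getId() { return id; }
    public String getUsername() { return username; }
    public void setUsername(String username) { this.username = username; }
}

// BEFORE (assumed defect): a singleton bean keeps one Session for every request thread.
class SharedSessionUserDao {
    // org.hibernate.Session is not thread-safe; SessionFactory is.
    private final Session session;

    SharedSessionUserDao(SessionFactory sessionFactory) {
        // Opened once at startup, outside any Spring-managed transaction.
        this.session = sessionFactory.openSession();
    }

    User findByUsername(String username) {
        // Concurrent requests read and mutate the same persistence context here,
        // and a close() on one path invalidates the session for every other thread.
        return (User) session.createCriteria(User.class)
                .add(Restrictions.eq("username", username))
                .uniqueResult();
    }
}

// AFTER: keep only the thread-safe SessionFactory and ask for the current Session per call.
class PerTransactionUserDao {
    private final SessionFactory sessionFactory;

    PerTransactionUserDao(SessionFactory sessionFactory) {
        this.sessionFactory = sessionFactory;
    }

    User findByUsername(String username) {
        // Bound to the calling thread's transaction (the service layer in the traces
        // is already wrapped by TransactionInterceptor); never closed by the DAO.
        Session session = sessionFactory.getCurrentSession();
        return (User) session.createCriteria(User.class)
                .add(Restrictions.eq("username", username))
                .uniqueResult();
    }
}
```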